AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Data possibly stolen and council services offline after Glasgow cyber attack
June 25, 2025
Glasgow City Council has warned that personal data may have been stolen in a cyber attack affecting its services. The local authority was alerted to malicious activity on servers managed by a third-party supplier on June 19. Due to affected servers being taken offline, a number of services are currently unavailable, including planning applications, paying parking ...
- AT&T agrees to $177 million settlement over data breach
June 25, 2025
Current and former AT&T customers may be eligible for a payout from a $177 million settlement connected to two data breaches. A U.S. judge granted preliminary approval on June 20 to the settlement that resolves lawsuits against AT&T over the 2019 and 2024 incidents. The company announced in July 2024 that call and text message records ...
- U.S. Department of Defense Employee Charged with Unlawful Retention of Classified Documents
June 24, 2025
A civilian employee of the U.S. Department of Defense (DoD) was arrested and made her initial court appearance yesterday to face charges of unauthorized removal and retention of classified documents. Ewa Maria Ciszak, 64, of Huntsville, Alabama, is charged with knowingly removing and retaining classified documents and materials. According to court documents unsealed today in the ...
- M&S cyber attack deepens as tech partner TCS denies blame
June 20, 2025
Tata Consultancy Services (TCS), the tech firm at the centre of speculation around the M&S cyber attack, has claimed that none of its systems or users were compromised in the incident. The statement, delivered at the company’s annual shareholder meeting, is the first public comment from the group since M&S was hit by a major cyber ...
- UBS bank reports data leak after attack on its external supplier
June 18, 2025
Zurich-based banking giant UBS Group has confirmed that company information was stolen during a cyberattack on one of its external suppliers, though it assured that no client data was compromised. The bank said the breach was part of a larger cyber incident affecting multiple companies, including former UBS affiliate Chain IQ and Swiss private bank Pictet. ...
- Scania hit by cyberattack – thousands of customers potentially affected
June 18, 2025
Swedish automotive manufacturer Scania has confirmed suffering a cyberattack which saw it lose sensitive customer data. Security researchers Hackmanac found a new thread on a dark web forum, in which a database allegedly stolen from ‘insurance.scania.com’ was being offered for sale to an exclusive buyer for an unknown sum of money. “hi guys. we hacked new ...

